Page 1 of 1
PHP Session Expiry
Posted: Wed Feb 22, 2006 8:28 am
by chrys
Hey, I searched around the web for a while but I did not find anything useful.
The Dilemma
The user has to re-authenticate after 10 or 15 minutes.
The Attempted Fix
ini_set("session.cookie_lifetime", 36000);
ini_set("session.gc_maxlifetime ", 36000);
The Resulting Cookie
Which was set around 9:07 AM on Feb 22
Name: PHPSESSID
Content: 77a4e340ce74c8af9ba7d562fe45141a
Host: my.host.com
Path: /
Expires: Wednesday, February 22, 2006 7:07:21 PM
The Dilemma continues...
The user still has to re-authenticate after 10 or 15 minutes.
Any ideas?
Posted: Wed Feb 22, 2006 10:04 am
by feyd
Sounds like your server is set to clear the temp directory used for sessions fairly often. This may, likely is, outside your control. Talk to your host.
I'd suggest using database sessions.
Posted: Wed Feb 22, 2006 10:11 am
by Roja
feyd wrote:I'd suggest using database sessions.
Same here. Its a bit like using a cannon to kill a mosquito, but adodb has a fantastic db-driven session system.
http://phplens.com/lens/adodb/docs-session.htm
Posted: Thu Feb 23, 2006 8:18 am
by chrys
Apparantley we use TMPFS for /tmp/
It is only supposed to get cleared on reboot. Do you guys have any idea where I could search for things being cleared out automatically?
Posted: Thu Feb 23, 2006 8:28 am
by chrys
It actually just occured, so I looked up the session in the /tmp/ directory that corresponded with their session ID and the session exists... the data seems fine within.
Can PHP be having a problem reading the session? I'm really confused.
Posted: Thu Feb 23, 2006 8:38 am
by Roja
chrys wrote:Apparantley we use TMPFS for /tmp/
It is only supposed to get cleared on reboot. Do you guys have any idea where I could search for things being cleared out automatically?
Thats not accurate. /tmp can be cleared at any time, and on a securely configured system, will often be cleared several times a day.
Posted: Thu Feb 23, 2006 8:51 am
by chrys
Roja wrote:chrys wrote:Apparantley we use TMPFS for /tmp/
It is only supposed to get cleared on reboot. Do you guys have any idea where I could search for things being cleared out automatically?
Thats not accurate. /tmp can be cleared at any time, and on a securely configured system, will often be cleared several times a day.
View my latest post, I checked when the user got "locked out" and the session was still there, they just couldn't log in at this point, they kept getting logged out
Posted: Thu Feb 23, 2006 8:55 am
by Roja
chrys wrote:View my latest post, I checked when the user got "locked out" and the session was still there, they just couldn't log in at this point, they kept getting logged out
Extremely odd. Check the ownership and permission on the session file.
Posted: Thu Feb 23, 2006 8:55 am
by chrys
Roja wrote:chrys wrote:View my latest post, I checked when the user got "locked out" and the session was still there, they just couldn't log in at this point, they kept getting logged out
Extremely odd. Check the ownership and permission on the session file.
-rw------- 1 apache apache 724 Feb 23 09:23 sess_0a4a40cb7e7e8ea7ff48508fe395197f